本文深入解析了NPF_CreateDevice函数,包括设备创建过程、符号链接生成逻辑及其涉及的关键API,详细介绍了函数内部如何进行设备名称验证、初始化与创建。
NPF_CreateDevice:这个函数主要是创建设备,并为设备创建符号链接,这其中涉及到的标准API请参考wdk文档
- 首先会对传递进来的设备名字做合法性判断:()
if (RtlCompareMemory(amacNameP->Buffer, devicePrefix.Buffer,
devicePrefix.Length) < devicePrefix.Length)
{
return FALSE;
}NDIS_STRING devicePrefix = NDIS_STRING_CONST(//Device// )
- 然后会对设备名字和符号链接名字做一系列的初始化,如分配空间,组合字符串等
deviceName.Length = 0;
deviceName.MaximumLength = (USHORT)(amacNameP->Length + g_NPF_Prefix.Length + sizeof(UNICODE_NULL));
deviceName.Buffer = ExAllocatePoolWithTag(PagedPool, deviceName.MaximumLength, '3PWA');if (deviceName.Buffer == NULL)
return FALSE;deviceSymLink.Length = 0;
deviceSymLink.MaximumLength =(USHORT)(amacNameP->Length-devicePrefix.Length
+ symbolicLinkPrefix.Length
+ g_NPF_Prefix.Length
+ sizeof(UNICODE_NULL));deviceSymLink.Buffer = ExAllocatePoolWithTag(NonPagedPool, deviceSymLink.MaximumLength, '3PWA');
if (deviceSymLink.Buffer == NULL)
{
ExFreePool(deviceName.Buffer);
return FALSE;
}RtlAppendUnicodeStringToString(&deviceName, &devicePrefix);
RtlAppendUnicodeStringToString(&deviceName, &g_NPF_Prefix);
RtlAppendUnicodeToString(&deviceName, amacNameP->Buffer +
devicePrefix.Length / sizeof(WCHAR));RtlAppendUnicodeStringToString(&deviceSymLink, &symbolicLinkPrefix);
RtlAppendUnicodeStringToString(&deviceSymLink, &g_NPF_Prefix);
RtlAppendUnicodeToString(&deviceSymLink, amacNameP->Buffer +
devicePrefix.Length / sizeof(WCHAR)); - 最后就是创建设备和符号链接
status = IoCreateDevice(adriverObjectP,
sizeof(DEVICE_EXTENSION),
&deviceName,
FILE_DEVICE_TRANSPORT,
#ifdef __NPF_NT4__
0,
#else //__NPF_NT4__
FILE_DEVICE_SECURE_OPEN,
#endif //__NPF_NT4__
FALSE,
&devObjP);IoCreateSymbolicLink(&deviceSymLink,&deviceName)
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
